

Vulnerability protection

Microsoft SharePoint Server vulnerabilities could allow remote code execution


Report ID: MS201309001
Date Published: 11 September 2013

Criticality: Critical
Compromise Type: denial-of-service, remote-code-execution, privilege-escalation
Compromise From: remote


Affected Product/Component:

Microsoft Windows SharePoint Services 2.0
Microsoft Windows SharePoint Services 3.0
Microsoft SharePoint Foundation 2010
Microsoft SharePoint Server 2010
Microsoft SharePoint Foundation 2013
Microsoft SharePoint Server 2013
Excel Services
Microsoft Business Productivity
Word Automation Services
Microsoft Excel Web App 2010




Summary

Ten vulnerabilities reported in Microsoft SharePoint Server could lead to denial of service, remote code execution and escalation of privilege.



Detailed Description

Microsoft has released a security update to address ten reported vulnerabilities in Microsoft SharePoint Server. One is a denial of service vulnerability caused by improper starting of an unassigned workflow; two are escalation of privilege vulnerabilities caused by improper sanitization of a request; and the other seven are remote code execution vulnerabilities caused by improper handling of objects in memory and improper input validation.

All of these vulnerabilities have been patched in the latest update, and users are advised to install the update on their systems as a protective measure against exploit attempts.



CVE Reference

CVE-2013-0081, CVE-2013-1315, CVE-2013-1330, CVE-2013-3179, CVE-2013-3180, CVE-2013-3847, CVE-2013-3848, CVE-2013-3849, CVE-2013-3857, CVE-2013-3858



Solution

Install the latest security patch for each applicable system, available for download from https://technet.microsoft.com/en-us/security/bulletin/ms13-067


